PT-2021-11314 · Micro-Ecc · Micro-Ecc
Kmackay
·
Published
2021-05-20
·
Updated
2021-05-27
·
CVE-2020-27209
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
micro-ecc library version 1.0
Description:
The ECDSA operation of the micro-ecc library is susceptible to simple power analysis attacks. This allows an adversary to extract the private ECC key.
Recommendations:
For micro-ecc library version 1.0, consider implementing countermeasures to prevent simple power analysis attacks, such as using secure coding practices or adding noise to the power consumption patterns. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Micro-Ecc